<?php

function checkUser() 
{
  
  if (!isset($_SESSION['swgeek_userid'])) {
    header('Location: http://' . $_SERVER[SERVER_NAME] . '/login.php');
    exit;
  }
 
  if (isset($_GET['logout'])) {
     doLogout();
  }
  
}

function doLogin()
{
  
  $userName = $_POST['txtUserName'];
  $password = $_POST['txtPassword'];

  //XXX this must be checked against user/pass queried from the database

  $errorMessage = '';

  if ($userName == 'admin' && $password == 'admin') {

    // set session variable
     $_SESSION['swgeek_userid'] = $userName;

    // redirect to index.php
    header('Location: http://' . $_SERVER[SERVER_NAME] . '/index.php');
    exit;
  } else {
    $errorMessage = "Wrong username or password";
  }
  return $errorMessage;
}

function doLogout()
{
  if(isset($_SESSION['swgeek_userid'])) {
     unset($_SESSION['swgeek_userid']);
     session_destroy();
  }

  header('Location: http://' . $_SERVER[SERVER_NAME] . '/login.php');
  exit;
}
?>
